| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/extensions/api/platform_keys/platform_keys_api.h" | 5 #include "chrome/browser/extensions/api/platform_keys/platform_keys_api.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| 11 #include "base/values.h" | |
| 12 #include "chrome/browser/chromeos/platform_keys/platform_keys.h" | 11 #include "chrome/browser/chromeos/platform_keys/platform_keys.h" |
| 13 #include "chrome/browser/chromeos/platform_keys/platform_keys_service.h" | 12 #include "chrome/browser/chromeos/platform_keys/platform_keys_service.h" |
| 14 #include "chrome/browser/chromeos/platform_keys/platform_keys_service_factory.h" | 13 #include "chrome/browser/chromeos/platform_keys/platform_keys_service_factory.h" |
| 15 #include "chrome/common/extensions/api/platform_keys_internal.h" | 14 #include "chrome/common/extensions/api/platform_keys_internal.h" |
| 16 #include "content/public/browser/browser_thread.h" | 15 #include "content/public/browser/browser_thread.h" |
| 17 #include "net/cert/x509_certificate.h" | 16 #include "net/cert/x509_certificate.h" |
| 18 | 17 |
| 19 namespace extensions { | 18 namespace extensions { |
| 20 | 19 |
| 21 namespace api_pk = api::platform_keys; | 20 namespace api_pk = api::platform_keys; |
| 22 namespace api_pki = api::platform_keys_internal; | 21 namespace api_pki = api::platform_keys_internal; |
| 23 | 22 |
| 24 namespace { | |
| 25 | |
| 26 const char kErrorAlgorithmNotSupported[] = "Algorithm not supported."; | |
| 27 const char kErrorInvalidX509Cert[] = | |
| 28 "Certificate is not a valid X.509 certificate."; | |
| 29 | |
| 30 struct PublicKeyInfo { | |
| 31 // The X.509 Subject Public Key Info of the key in DER encoding. | |
| 32 std::string public_key_spki_der; | |
| 33 | |
| 34 // The type of the key. | |
| 35 net::X509Certificate::PublicKeyType key_type = | |
| 36 net::X509Certificate::kPublicKeyTypeUnknown; | |
| 37 | |
| 38 // The size of the key in bits. | |
| 39 size_t key_size_bits = 0; | |
| 40 }; | |
| 41 | |
| 42 // Builds a partial WebCrypto Algorithm object from the parameters available in | |
| 43 // |key_info|, which must the info of an RSA key. This doesn't include sign/hash | |
| 44 // parameters and thus isn't complete. | |
| 45 // platform_keys::GetPublicKey() enforced the public exponent 65537. | |
| 46 void BuildWebCryptoRSAAlgorithmDictionary(const PublicKeyInfo& key_info, | |
| 47 base::DictionaryValue* algorithm) { | |
| 48 CHECK_EQ(net::X509Certificate::kPublicKeyTypeRSA, key_info.key_type); | |
| 49 algorithm->SetStringWithoutPathExpansion("name", "RSASSA-PKCS1-v1_5"); | |
| 50 algorithm->SetIntegerWithoutPathExpansion("modulusLength", | |
| 51 key_info.key_size_bits); | |
| 52 | |
| 53 // Equals 65537. | |
| 54 const unsigned char defaultPublicExponent[] = {0x01, 0x00, 0x01}; | |
| 55 algorithm->SetWithoutPathExpansion( | |
| 56 "publicExponent", | |
| 57 base::BinaryValue::CreateWithCopiedBuffer( | |
| 58 reinterpret_cast<const char*>(defaultPublicExponent), | |
| 59 arraysize(defaultPublicExponent))); | |
| 60 } | |
| 61 | |
| 62 } // namespace | |
| 63 | |
| 64 namespace platform_keys { | 23 namespace platform_keys { |
| 65 | 24 |
| 66 const char kErrorInvalidToken[] = "The token is not valid."; | 25 const char kErrorInvalidToken[] = "The token is not valid."; |
| 26 const char kErrorAlgorithmNotSupported[] = "Algorithm not supported."; |
| 67 const char kTokenIdUser[] = "user"; | 27 const char kTokenIdUser[] = "user"; |
| 68 const char kTokenIdSystem[] = "system"; | 28 const char kTokenIdSystem[] = "system"; |
| 69 | 29 |
| 70 // Returns whether |token_id| references a known Token. | 30 // Returns whether |token_id| references a known Token. |
| 71 bool ValidateToken(const std::string& token_id, | 31 bool ValidateToken(const std::string& token_id, |
| 72 std::string* platform_keys_token_id) { | 32 std::string* platform_keys_token_id) { |
| 73 platform_keys_token_id->clear(); | 33 platform_keys_token_id->clear(); |
| 74 if (token_id == kTokenIdUser) { | 34 if (token_id == kTokenIdUser) { |
| 75 *platform_keys_token_id = chromeos::platform_keys::kTokenIdUser; | 35 *platform_keys_token_id = chromeos::platform_keys::kTokenIdUser; |
| 76 return true; | 36 return true; |
| (...skipping 10 matching lines...) Expand all Loading... |
| 87 if (platform_keys_token_id == chromeos::platform_keys::kTokenIdUser) | 47 if (platform_keys_token_id == chromeos::platform_keys::kTokenIdUser) |
| 88 return kTokenIdUser; | 48 return kTokenIdUser; |
| 89 if (platform_keys_token_id == chromeos::platform_keys::kTokenIdSystem) | 49 if (platform_keys_token_id == chromeos::platform_keys::kTokenIdSystem) |
| 90 return kTokenIdSystem; | 50 return kTokenIdSystem; |
| 91 | 51 |
| 92 return std::string(); | 52 return std::string(); |
| 93 } | 53 } |
| 94 | 54 |
| 95 } // namespace platform_keys | 55 } // namespace platform_keys |
| 96 | 56 |
| 97 PlatformKeysInternalGetPublicKeyFunction:: | |
| 98 ~PlatformKeysInternalGetPublicKeyFunction() { | |
| 99 } | |
| 100 | |
| 101 ExtensionFunction::ResponseAction | |
| 102 PlatformKeysInternalGetPublicKeyFunction::Run() { | |
| 103 scoped_ptr<api_pki::GetPublicKey::Params> params( | |
| 104 api_pki::GetPublicKey::Params::Create(*args_)); | |
| 105 EXTENSION_FUNCTION_VALIDATE(params); | |
| 106 | |
| 107 const std::vector<char>& cert_der = params->certificate; | |
| 108 if (cert_der.empty()) | |
| 109 return RespondNow(Error(kErrorInvalidX509Cert)); | |
| 110 scoped_refptr<net::X509Certificate> cert_x509 = | |
| 111 net::X509Certificate::CreateFromBytes(vector_as_array(&cert_der), | |
| 112 cert_der.size()); | |
| 113 if (!cert_x509) | |
| 114 return RespondNow(Error(kErrorInvalidX509Cert)); | |
| 115 | |
| 116 PublicKeyInfo key_info; | |
| 117 if (!chromeos::platform_keys::GetPublicKey( | |
| 118 cert_x509, &key_info.public_key_spki_der, &key_info.key_type, | |
| 119 &key_info.key_size_bits) || | |
| 120 key_info.key_type != net::X509Certificate::kPublicKeyTypeRSA) { | |
| 121 return RespondNow(Error(kErrorAlgorithmNotSupported)); | |
| 122 } | |
| 123 | |
| 124 api_pki::GetPublicKey::Results::Algorithm algorithm; | |
| 125 BuildWebCryptoRSAAlgorithmDictionary(key_info, | |
| 126 &algorithm.additional_properties); | |
| 127 | |
| 128 return RespondNow(ArgumentList(api_pki::GetPublicKey::Results::Create( | |
| 129 std::vector<char>(key_info.public_key_spki_der.begin(), | |
| 130 key_info.public_key_spki_der.end()), | |
| 131 algorithm))); | |
| 132 } | |
| 133 | |
| 134 PlatformKeysInternalSelectClientCertificatesFunction:: | 57 PlatformKeysInternalSelectClientCertificatesFunction:: |
| 135 ~PlatformKeysInternalSelectClientCertificatesFunction() { | 58 ~PlatformKeysInternalSelectClientCertificatesFunction() { |
| 136 } | 59 } |
| 137 | 60 |
| 138 ExtensionFunction::ResponseAction | 61 ExtensionFunction::ResponseAction |
| 139 PlatformKeysInternalSelectClientCertificatesFunction::Run() { | 62 PlatformKeysInternalSelectClientCertificatesFunction::Run() { |
| 140 scoped_ptr<api_pki::SelectClientCertificates::Params> params( | 63 scoped_ptr<api_pki::SelectClientCertificates::Params> params( |
| 141 api_pki::SelectClientCertificates::Params::Create(*args_)); | 64 api_pki::SelectClientCertificates::Params::Create(*args_)); |
| 142 EXTENSION_FUNCTION_VALIDATE(params); | 65 EXTENSION_FUNCTION_VALIDATE(params); |
| 143 | 66 |
| (...skipping 21 matching lines...) Expand all Loading... |
| 165 OnSelectedCertificates(scoped_ptr<net::CertificateList> matches, | 88 OnSelectedCertificates(scoped_ptr<net::CertificateList> matches, |
| 166 const std::string& error_message) { | 89 const std::string& error_message) { |
| 167 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); | 90 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); |
| 168 if (!error_message.empty()) { | 91 if (!error_message.empty()) { |
| 169 Respond(Error(error_message)); | 92 Respond(Error(error_message)); |
| 170 return; | 93 return; |
| 171 } | 94 } |
| 172 DCHECK(matches); | 95 DCHECK(matches); |
| 173 std::vector<linked_ptr<api_pk::Match>> result_matches; | 96 std::vector<linked_ptr<api_pk::Match>> result_matches; |
| 174 for (const scoped_refptr<net::X509Certificate>& match : *matches) { | 97 for (const scoped_refptr<net::X509Certificate>& match : *matches) { |
| 175 PublicKeyInfo key_info; | |
| 176 if (!chromeos::platform_keys::GetPublicKey( | |
| 177 match, &key_info.public_key_spki_der, &key_info.key_type, | |
| 178 &key_info.key_size_bits)) { | |
| 179 LOG(ERROR) << "Could not retrieve public key info."; | |
| 180 continue; | |
| 181 } | |
| 182 if (key_info.key_type != net::X509Certificate::kPublicKeyTypeRSA) { | |
| 183 LOG(ERROR) << "Skipping unsupported certificate with non-RSA key."; | |
| 184 continue; | |
| 185 } | |
| 186 | |
| 187 linked_ptr<api_pk::Match> result_match(new api_pk::Match); | 98 linked_ptr<api_pk::Match> result_match(new api_pk::Match); |
| 188 std::string der_encoded_cert; | 99 std::string der_encoded_cert; |
| 189 net::X509Certificate::GetDEREncoded(match->os_cert_handle(), | 100 net::X509Certificate::GetDEREncoded(match->os_cert_handle(), |
| 190 &der_encoded_cert); | 101 &der_encoded_cert); |
| 191 result_match->certificate.assign(der_encoded_cert.begin(), | 102 result_match->certificate.assign(der_encoded_cert.begin(), |
| 192 der_encoded_cert.end()); | 103 der_encoded_cert.end()); |
| 193 | |
| 194 BuildWebCryptoRSAAlgorithmDictionary( | |
| 195 key_info, &result_match->key_algorithm.additional_properties); | |
| 196 result_matches.push_back(result_match); | 104 result_matches.push_back(result_match); |
| 197 } | 105 } |
| 198 Respond(ArgumentList( | 106 Respond(ArgumentList( |
| 199 api_pki::SelectClientCertificates::Results::Create(result_matches))); | 107 api_pki::SelectClientCertificates::Results::Create(result_matches))); |
| 200 } | 108 } |
| 201 | 109 |
| 202 PlatformKeysInternalSignFunction::~PlatformKeysInternalSignFunction() { | 110 PlatformKeysInternalSignFunction::~PlatformKeysInternalSignFunction() { |
| 203 } | 111 } |
| 204 | 112 |
| 205 ExtensionFunction::ResponseAction PlatformKeysInternalSignFunction::Run() { | 113 ExtensionFunction::ResponseAction PlatformKeysInternalSignFunction::Run() { |
| 206 scoped_ptr<api_pki::Sign::Params> params( | 114 scoped_ptr<api_pki::Sign::Params> params( |
| 207 api_pki::Sign::Params::Create(*args_)); | 115 api_pki::Sign::Params::Create(*args_)); |
| 208 EXTENSION_FUNCTION_VALIDATE(params); | 116 EXTENSION_FUNCTION_VALIDATE(params); |
| 209 std::string platform_keys_token_id; | 117 std::string platform_keys_token_id; |
| 210 if (!params->token_id.empty() && | 118 if (!platform_keys::ValidateToken(params->token_id, &platform_keys_token_id)) |
| 211 !platform_keys::ValidateToken(params->token_id, | |
| 212 &platform_keys_token_id)) { | |
| 213 return RespondNow(Error(platform_keys::kErrorInvalidToken)); | 119 return RespondNow(Error(platform_keys::kErrorInvalidToken)); |
| 214 } | 120 |
| 121 chromeos::platform_keys::HashAlgorithm hash_algorithm; |
| 122 if (params->hash_algorithm_name == "SHA-1") |
| 123 hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA1; |
| 124 else if (params->hash_algorithm_name == "SHA-256") |
| 125 hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA256; |
| 126 else if (params->hash_algorithm_name == "SHA-384") |
| 127 hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA384; |
| 128 else if (params->hash_algorithm_name == "SHA-512") |
| 129 hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA512; |
| 130 else |
| 131 return RespondNow(Error(platform_keys::kErrorAlgorithmNotSupported)); |
| 215 | 132 |
| 216 chromeos::PlatformKeysService* service = | 133 chromeos::PlatformKeysService* service = |
| 217 chromeos::PlatformKeysServiceFactory::GetForBrowserContext( | 134 chromeos::PlatformKeysServiceFactory::GetForBrowserContext( |
| 218 browser_context()); | 135 browser_context()); |
| 219 DCHECK(service); | 136 DCHECK(service); |
| 220 | 137 |
| 221 if (params->hash_algorithm_name == "none") { | 138 service->Sign( |
| 222 service->SignRSAPKCS1Raw( | 139 platform_keys_token_id, |
| 223 platform_keys_token_id, | 140 std::string(params->public_key.begin(), params->public_key.end()), |
| 224 std::string(params->data.begin(), params->data.end()), | 141 hash_algorithm, std::string(params->data.begin(), params->data.end()), |
| 225 std::string(params->public_key.begin(), params->public_key.end()), | 142 extension_id(), |
| 226 extension_id(), | 143 base::Bind(&PlatformKeysInternalSignFunction::OnSigned, this)); |
| 227 base::Bind(&PlatformKeysInternalSignFunction::OnSigned, this)); | |
| 228 } else { | |
| 229 chromeos::platform_keys::HashAlgorithm hash_algorithm; | |
| 230 if (params->hash_algorithm_name == "SHA-1") { | |
| 231 hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA1; | |
| 232 } else if (params->hash_algorithm_name == "SHA-256") { | |
| 233 hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA256; | |
| 234 } else if (params->hash_algorithm_name == "SHA-384") { | |
| 235 hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA384; | |
| 236 } else if (params->hash_algorithm_name == "SHA-512") { | |
| 237 hash_algorithm = chromeos::platform_keys::HASH_ALGORITHM_SHA512; | |
| 238 } else { | |
| 239 return RespondNow(Error(kErrorAlgorithmNotSupported)); | |
| 240 } | |
| 241 service->SignRSAPKCS1Digest( | |
| 242 platform_keys_token_id, | |
| 243 std::string(params->data.begin(), params->data.end()), | |
| 244 std::string(params->public_key.begin(), params->public_key.end()), | |
| 245 hash_algorithm, extension_id(), | |
| 246 base::Bind(&PlatformKeysInternalSignFunction::OnSigned, this)); | |
| 247 } | |
| 248 | |
| 249 return RespondLater(); | 144 return RespondLater(); |
| 250 } | 145 } |
| 251 | 146 |
| 252 void PlatformKeysInternalSignFunction::OnSigned( | 147 void PlatformKeysInternalSignFunction::OnSigned( |
| 253 const std::string& signature, | 148 const std::string& signature, |
| 254 const std::string& error_message) { | 149 const std::string& error_message) { |
| 255 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); | 150 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); |
| 256 if (error_message.empty()) | 151 if (error_message.empty()) |
| 257 Respond(ArgumentList(api_pki::Sign::Results::Create( | 152 Respond(ArgumentList(api_pki::Sign::Results::Create( |
| 258 std::vector<char>(signature.begin(), signature.end())))); | 153 std::vector<char>(signature.begin(), signature.end())))); |
| 259 else | 154 else |
| 260 Respond(Error(error_message)); | 155 Respond(Error(error_message)); |
| 261 } | 156 } |
| 262 | 157 |
| 263 } // namespace extensions | 158 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 929683002:
Revert "Implement chrome.platformKeys.getKeyPair()." (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master